The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2975179/profile-extra-fields | Release Notes |
https://www.wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=cve | Third Party Advisory |
Configurations
History
07 Nov 2023, 04:22
Type | Values Removed | Values Added |
---|---|---|
CWE |
11 Oct 2023, 17:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Bestwebsoft
Bestwebsoft profile Extra Fields |
|
CPE | cpe:2.3:a:bestwebsoft:profile_extra_fields:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://plugins.trac.wordpress.org/changeset/2975179/profile-extra-fields - Release Notes | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=cve - Third Party Advisory |
06 Oct 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-06 10:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4469
Mitre link : CVE-2023-4469
CVE.ORG link : CVE-2023-4469
JSON object : View
Products Affected
bestwebsoft
- profile_extra_fields
CWE
No CWE.